H1N1 and social engineering

Spammers have become extremely good at social engineering. The latest one I received is very clever.

From: Centers for Disease Control and Prevention [674651373med@cdcdelivery.gov]
To: *Security Reporting
Subject: Create your personal Vaccination Profile

You have received this e-mail because of the launching of State Vaccination H1N1 Program.
You need to create your personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website. The Vaccination is not obligatory, but every person that has reached the age of 18 has to have his personal Vaccination Profile on the cdc.gov site. This profile has to be created both for the vaccinated people and the not-vaccinated ones. This profile is used for the registering system of vaccinated and not-vaccinated people.
Create your Personal H1N1 Vaccination Profile using the link:

create personal profile

This mail is damned clever.

  • First of all, it uses basic fear motivation (the swine flu) and a topic currently in the news (vaccination).
  • Then comes a pinch of truth, “The Vaccination is not obligatory”, followed by the trick: “every person that has reached the age of 18 has to have his personal Vaccination Profile on the cdc.gov site”. Whether you get vaccinated or not, you have to register!
  • Of course, the CDC exists, and so does the site cdc.gov. The address inside the link, of course, does not point to cdc.gov but to a .im domain. This extension belongs to the Isle of Man but can be used by any individual.
  • Grammar and spelling are OK (at least for me 🙂), which is often not the case.
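
The mismatch described in the list above, between the site the text names (cdc.gov) and the host the link really points to, can be checked mechanically. The following Python code is an added example, not part of the original post: the .im host name is a constructed placeholder, and applying the same comparison to the sender's domain goes beyond what the post describes.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the quoted message; the .im host is a placeholder.
SAMPLE_FROM = "Centers for Disease Control and Prevention [674651373med@cdcdelivery.gov]"
SAMPLE_HTML = """<p>You need to create your personal H1N1 (swine flu) Vaccination
Profile on the cdc.gov website.</p>
<p><a href="http://placeholder-host.im/profile">create personal profile</a></p>"""

DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

class BodyParser(HTMLParser):
    """Collects visible text and the href of every <a> element."""
    def __init__(self):
        super().__init__()
        self.text, self.hrefs = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")
    def handle_data(self, data):
        self.text.append(data)

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def check_message(from_header, html):
    """Return (kind, host, claimed_domains) for each host outside the domains the text names."""
    parser = BodyParser()
    parser.feed(html)
    claimed = sorted({d.lower() for d in DOMAIN_RE.findall(" ".join(parser.text))})
    findings = []
    if not claimed:
        return findings  # the body names no site, so there is nothing to compare against
    sender = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    hosts = [("sender", sender.group(1))] if sender else []
    hosts += [("link", urlsplit(h).hostname or "") for h in parser.hrefs]
    for kind, host in hosts:
        if not any(under(host, d) for d in claimed):
            findings.append((kind, host.lower(), claimed))
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE_FROM, SAMPLE_HTML):
        print(finding)
```

The suffix comparison in `under` requires a leading dot, so `cdcdelivery.gov` is not treated as part of `cdc.gov`.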

When such a mail arrives in a non-personal mailbox, there is no doubt that it is malware. But will Joe Average detect it as such? Will he not follow the initial reactions of his reptilian brain (flu = fear, CDC = authority…)?

Social engineering is definitely a dangerous weapon.

[update: 3-dec The news about this malware is everywhere on the blogosphere. Here are more technical details: http://blog.appriver … tribute-malware.html ]
